The invention relates generally to networked data processing, and relates more specifically to an approach for controlling and tracking access to information that is disseminated by a network.
Many computers are now interconnected in one or more networks or internetworks. One of the most widely used communications networks is the worldwide packet data communication network known as the Internet. The Internet provides access to enormous amounts of information and may be used to transport electronic mail ("email"). A user of a network such as the Internet is associated with a unique email address. The email address may represent an account that is maintained on an email server. Anyone with a computer and an email processing program ("email client") can remotely send one or more email messages to any address among millions of addresses, and the recipient may use its email client to read the messages.
Despite the benefits provided by the Internet, users have recently recognized important security issues associated with Internet email. First, the complexity of the Internet allows information to fall into the hands of unintended third parties. For example, when an email is sent via the Internet, the email may travel through numerous sub-networks to reach its destination. Many of these sub-networks include locations where data is temporarily stored before being forwarded to the next location. As a result, copies of an email may be stored at numerous locations unknown to the sender, even though the sender only intended for the email to be provided to a particular recipient or group of recipients. Further, email is easily forwarded to other recipients that are not known to the original sender. As a result, although a sender intends for only a particular recipient to receive a particular email, the email may be forwarded to and received by other recipients.
Once the email has been transported via the Internet, deleting all copies of the email can be difficult, if not impossible, to accomplish. Consider a sensitive email that has been sent via the Internet and now needs to be completely deleted. Locating and deleting the email from the sending and receiving locations is relatively straightforward. However, locating and deleting all copies of the email is difficult, if not impossible, because of the difficulty in determining the locations of all copies of the email. Because the Internet is a packet-switched network, data packets that make up a particular message, or a complete copy of a message, may be stored on intermediate servers of internetworks logically located between sender and recipient; the location of such servers is not predictable. Furthermore, even if all copies of the email are located, special privileges or permissions may be required to delete the copies. For example, some copies may reside on servers in remote locations in other countries. As a result, deleting all copies of the email may be extremely difficult, if not impossible, to accomplish.
These problems are not limited to the Internet. Many corporations have extensive communication networks that have numerous servers, archives, hubs and backup systems where email might be stored.
Moreover, these problems are not limited to email, but apply to any type of information transported over communication networks.
Based on the foregoing, there is a need to control and track access to information disseminated on communications networks. There is a particular need for a comprehensive approach for controlling and tracking access to data disseminated on communications networks.
The foregoing needs, and other needs and objects that will become apparent from the following description, are achieved by the present invention, which comprises, in one aspect, a method for controlling and tracking access to disseminated data. More specifically, a method is provided for controlling and tracking access to a message that is communicated from a first node to a second node in a network. According to the method, a request is received from the first node for a message identifier that uniquely identifies the message and a key that may be used to encode the message. Both the message identifier and the key are generated in response to the request. Both the message identifier and the key are provided to the first node to allow the message to be encoded with the key to generate an encoded message. A request is received from the second node for the key. The key is provided to the second node to allow the encoded message to be decoded and the message to be retrieved using the key. Finally, the key is deleted based upon specified key policy criteria to prevent copies of the encoded message from being decoded.
According to another aspect of the invention, an apparatus is provided for controlling and tracking access to a message that is communicated from a first node to a second node in a network. The apparatus comprises a storage medium and a key repository communicatively coupled to the storage medium. The key repository is configured to receive a request from the first node for a message identifier that uniquely identifies the message and a key that may be used to encode the message and generate, in response to the request, both the message identifier and the key. The key repository is also configured to provide both the message identifier and the key to the first node to allow the message to be encoded with the key to generate an encoded message. The key repository is further configured to receive a request from the second node for the key and provide the key to the second node to allow the encoded message to be decoded and the message to be retrieved using the key. Finally, the key repository is configured to delete the key based upon specified key policy criteria to prevent copies of the encoded message from being decoded.
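The method and apparatus described above can be exercised end to end with a small model of the key repository. The following is an added example, not code from the patent itself: it assumes a Python in-memory repository, a key policy expressed as a time-to-live plus a maximum number of key retrievals (the text leaves the policy criteria unspecified), and an encode/decode routine built from HMAC-SHA256 in counter mode with an authentication tag, chosen here only because it needs no third-party library; the patent does not name a cipher. Every key request is recorded in an audit trail that survives deletion of the key, which is the tracking half of the scheme.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

NONCE_LEN, TAG_LEN = 16, 32


@dataclass
class KeyRecord:
    # One entry in the repository, bound to a message identifier (assumed layout).
    key: bytes
    sender: str
    created_at: float
    ttl_seconds: float
    max_reads: int
    reads: int = 0


class KeyRepository:
    """Issues (message_id, key) pairs, hands keys to recipients, deletes by policy."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable for deterministic tests
        self._records = {}           # message_id -> KeyRecord (live keys only)
        self._audit = {}             # message_id -> [(requester, timestamp, outcome)]

    def issue(self, sender, ttl_seconds=3600.0, max_reads=1):
        """First node requests a message identifier and a key."""
        message_id = secrets.token_hex(16)
        key = secrets.token_bytes(32)
        self._records[message_id] = KeyRecord(key, sender, self._clock(), ttl_seconds, max_reads)
        self._audit[message_id] = [(sender, self._clock(), "issued")]
        return message_id, key

    def fetch(self, message_id, requester):
        """Second node requests the key; policy is enforced before and after release."""
        now = self._clock()
        rec = self._records.get(message_id)
        if rec is None or now - rec.created_at > rec.ttl_seconds:
            self._records.pop(message_id, None)                 # expired keys are deleted, not served
            self._audit.setdefault(message_id, []).append((requester, now, "denied"))
            raise KeyError("key unknown, expired or already deleted")
        rec.reads += 1
        self._audit[message_id].append((requester, now, "released"))
        key = rec.key
        if rec.reads >= rec.max_reads:                          # read-count policy: delete after last allowed read
            del self._records[message_id]
        return key

    def sweep(self):
        """Delete every key whose time-to-live has elapsed; returns how many were removed."""
        now = self._clock()
        expired = [m for m, r in self._records.items() if now - r.created_at > r.ttl_seconds]
        for m in expired:
            del self._records[m]
        return len(expired)

    def has_key(self, message_id):
        return message_id in self._records

    def audit(self, message_id):
        return list(self._audit.get(message_id, []))


def _keystream(key, nonce, length):
    # Counter-mode keystream from HMAC-SHA256; "enc" separates it from the tag domain.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encode(key, plaintext):
    """Encode a message with the repository-issued key: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decode(key, blob):
    """Recover the message; rejects anything whose tag does not verify under this key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


if __name__ == "__main__":
    repo = KeyRepository()
    mid, k = repo.issue("sender@example.test", ttl_seconds=60, max_reads=1)
    blob = encode(k, b"constructed sample message")
    print(decode(repo.fetch(mid, "recipient@example.test"), blob))
    print(repo.has_key(mid), repo.audit(mid))
```

The point the model makes concrete is that a stored copy of the encoded message is only as durable as the key: once the read-count or time-to-live policy has removed the key from the repository, a later copy can no longer be decoded, and the audit entries show who asked for the key and when, including the requests that were refused.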